Is the Internet of Things business case broken?

The Internet of Things (IoT) promised many benefits in terms of new applications and in particular new opportunities for a substantial change in societal behavioural patterns. And indeed we have witnessed many exciting new technologies and applications that are enabled by the IoT. In a Eurescom message article from 2010, I questioned whether there is actually an Internet of Things, because at that point in time it looked like we had already the billions of sensors connected to the network, yet the vendors and operators managed to keep the networks up and running. Now it is time for a reality check and a question about the sustainability of the current approach.

Cost for connectivity

In terms of cost for connectivity, I think we have not progressed much since and maybe we have even done a few steps backwards. Today virtually all IoT applications are based on some sort of client/server principle in which there is a substantial computing capacity in a virtualised computing environment to which each single sensor and actuator is connected somehow. This means that beyond the investment needs for the IoT enabled world (Capital Expenses – CAPEX) in the frontend, there is a substantial OPEX (Operational Expense) and CAPEX in the backend support for IoT enabled applications. Assuming an average lifetime of three to five years for the hardware delivering the computing capacity we are facing a disconnect with respect to the lifetime of other supporting infrastructures, such as networking where the depreciation time of infrastructure investments is in the order of 10-20 or more years, although shrinking. This means that the cost of supporting and serving hundreds of billions of smart objects in the long term is considerable and may not be included in the current assumptions about Total Cost of Ownership (TCO).

Security and trust

In terms of security and trust, I have not seen to date a future proof concept; even less a concept that is economically viable at the anticipated scale. The traditional model in which IT domains are organised and protected centrally by some gatekeeper will not work for the IoT world for the reasons induced by the extreme decentralisation of most IoT enabled systems. We cannot protect each smart object individually on an economically viable basis.

In the area of trust falls also the practice of many vendors delivering smart products that collect data about the behaviour of their customers in the hope that these data may be an exploitable asset. This is a serious and to date underestimated problem. In many cases individuals may not care (even if they knew) about the practice. However enterprises care a lot and sometimes have the means to discover and resist the practice. At least in Europe the trend in legislation is to strengthen the rights of citizens and businesses with respect to the control of their data.

Furthermore, a discovered vulnerability is a product defect and must be fixed. Traditional industries have been hit very hard economically in cases where recalls are necessary (e.g. the car industry). In the ICT industry the strategy is to distribute software updates, which nevertheless puts an increasing cost to the long term maintenance of IoT enabled applications. The fact that many new IT devices have a short expected lifetime motivates vendors to drop older devices from their maintenance roadmaps so that they do not receive security updates anymore. How will such devices be protected in the future? Do we need to replace our energy smart meters, digital doors locks and smart connected cars every three or five years when the vendors stop delivering security updates?

Future-readiness of IoT

In “Cyber physical systems” (CPS) IoT devices are directly connected to real world artefacts and have a substantial influence on their properties. Where homes, buildings and factories are smartened, it is a reasonable expectation by the customer that the devices used in this context have an expected lifetime in the same order of magnitude to be future proof. This is in the order of 30-50 years and beyond. In many cases different generations of products, that appear every 2-3 years, have different maintenance requirements and different ways of servicing. How will vendors and suppliers be able to cope with the long term cost of maintenance? Dumping the long term cost on the customers will not work, because when the early adopters discover that the TCO of a smart fridge is an order of magnitude higher than that of the stupid old fridge, they will start to question the added value of the smart world.

The hype about IoT and CPS has triggered many “innovations” in the market for which the added value for the customer is questionable. Vendors may think in terms of better maintenance and service for the benefit of the customer or about warranty tracking for the benefit of their own supply chain optimisation. But a smart coffee brewer, a smart toaster, or a smart water boiler, do not provide added value to the customer unless they make better coffee, better toast of better hot water! Certainly I don’t want to devalue many useful applications of the new technology, but it is always a simple and clear value proposition that decides about the market success of an IoT enabled product or service.

All above deficiencies culminate to an uncomfortable truth that the current business models around IoT might be broken. Of course this is the pessimistic view. An optimistic view formulates the problem such as that no one has yet found a viable and sustainable business model for the large scale. In order to progress the search for viable business models, the discussion of the broader issues above, gives us an indication that we have to face issues in four dimensions; namely (i) technology, (ii) business, (iii) policy and (iv) last but not least customer. All four dimensions are a source for requirements that have to be satisfied at the same time. Smart city experiments around the world are a good starting point to learn to deal with all these requirements, since all different dimensions are prominently present in most scenarios. However all smart city pilots that I have encountered to date are just that: pilots. None of these experiments claims a self-sustainable operation that is ready for the long term in the city scale.

In order to develop sustainable business models, they should not be designed around the traditional understanding of value chains, but should rather be designed with the flexibility to cope with value networks that emerge in digital business ecosystems.